[TAG] How not to do DNS, example n+1

Jay R. Ashworth jra at baylink.com
Thu Nov 24 00:36:24 MSK 2005


On Wed, Nov 23, 2005 at 12:13:58PM -0800, Rick Moen wrote:
> Quoting Mike Orr (sluggoster at gmail.com):
> > Rick's overview would make a great article.  It's one of those things
> > you otherwise have to deduce, that nameservers are used in four
> > different ways.
> > 
> > I would also mention the difference between master and slave servers
> > (Alice and her friend), vs the primary and secondary servers listed at
> > the registrar.  The two are unrelated but easy to confuse.
> 
> Err... there _is_ zero functional difference between "primary" and
> "secondary" servers at a domain's registrar.  They're treated exactly
> the same, there.  Order of listing makes no difference.

You misunderstood him, Rick.

> > I have a private master that feeds my friend's servers, but the
> > primary and secondary servers listed at the registrar are both his.
> 
> I suspect the distinction you actually were trying to articulate
> _wasn't_ master/slave versus primary/secondary, but rather authoritative
> vs. non-authoritative.

His distinction was indeed primary and secondary versus master and
slave.

The former pair are *both* publicly visible and can be either master
*or* slave.  Master/slave makes a difference to the people who have to
manage the nameservers, but the people running the parent zone and the
public don't have to care.

But Mike's point is in fact that they're orthogonal descriptions, but
they're easy for newcomers to confuse.

> _Your_ private nameserver, for example, isn't authoritative for your
> friend's zone (domain).  That has nothing to do with whether its
> relationship to your friend's nameserver(s) is that of master or slave
> for purposes of zone transfers.

Precisely.

> It _is_ connected to the issue of being "listed at the registrar", but 
> only in the sense of it _not being listed at all_ -- which renders it 
> non-authoritative.  If it had been so listed, that would have made it
> authoritative, regardless of whether you considered your nameserver's NS
> record at your friend's domain's registrar to be "primary" or
> "secondary" -- a distinction without a difference, in that context.

Perhaps I'm misunderstanding you, now, Rick, but an "authoritative"
server in the traditional sense of that term is one which is publicly
visible, and has a local copy of the zone whether it is a primary *or*
a slave, is it not?

It's used to distinguish from a non-authoritative server, which has the
answer to give only because someone previously recursed through it...

My understanding of the axes is


Master ---- slave ---- non-authoritative

Public
  |
Private

Master


Is that an incorrect evaluation, then?

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra at baylink.com
Designer                          Baylink                             RFC 2100
Ashworth & Associates        The Things I Think                        '87 e24
St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274

	"Space is called 'space' because there's so much *space* there."
		- John Walker, of Fourmilab, on Trek's End




